Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

thefanboy writes "What do you get when you cross BackTrack Linux apps with a mobile phone? This is the first ever publicly available mobile phone running a full custom Linux network auditing distribution, and it runs it surprisingly well. One can literally go from phone to pwn in 2 seconds. Based off of the Openmoko Neo Freerunner, many steps have been taken to compensate for the lack of a QWERTY keyboard with automation scripts, dialogs, and a point-and-pwn menu. It runs applications such as Metasploit and the Aircrack suite quite well, especially given the fact that it supports a wide array of USB WLAN cards."

'pwn' drives me nuts. In my eyes the use of it seriously undermines any project and gives the impression that it is presided over by annoying 13 years olds which, in turn, pretty much makes me dismiss it.

"'pwn' drives me nuts. In my eyes the use of it seriously undermines any project and gives the impression that it is presided over by annoying 13 years olds which, in turn, pretty much makes me dismiss it."

The word "conservatism" is being used to mean "the principles and practices of political conservatives" in that context. A new variant of principles and practices by political conservatives is quite obviously a legitimate condition and neoconservatism describes it without confusion. "Newstickwiththeold" certainly doesn't make sense, both as a word and as a conceptual breakdown of the term neoconservative.

Try and remember how you were when you were 13. I've noticed a strong tendency for annoying 13 year olds to write damn good code. They're idealistic, trying to prove themselves, and don't have anything better to do; dealing with a little language silliness is a small price to pay.

Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies.

"Seriously, I'd trust code written by 13 year olds a lot more than that written by major companies."

Then you'd be stupid.

Sure, a young kid can write some novel little things, but serious software? No. It does in fact take teams of people do to that - in the OSS world or corporate world (or as often is the case, a mix of the two.)

Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.

It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.

Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.

Ummm, no. You forgot the pr0n. Lots & lots of pr0n.

It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.

Sure, a young kid can write some novel little things, but serious software? No. It does in fact take teams of people do to that - in the OSS world or corporate world (or as often is the case, a mix of the two.)

No it doesn't. Any piece of software actually large enough to need a team (which is a far far smaller number than the number which are generally written by team) should be separated into smaller components. A single good coder beats a team - of any size - every time; I've lost count of the number of times I've seen a kid write a superior replacement for something that took a major corp. six months in one 36-hour shot.

Generally speaking, 13 year old boys don't do much on the Internet except beg for shit, yell at shit, and talk shit. Lots of shit is involved.

95% of everything is shit. Yes, a lot of 13 year olds are doing shit, but they aren't the ones who are writing and releasing code.

It's not limited to 13 year olds, but it sure is true for many 1st person shooter type games. I used to enjoy playing games like CS and stuff with my friend but we both eventually got tired of the little kiddies ruining every game.

You'd be surprised how many of those "kiddies" are actually in their 20s or worse.

Uhhh, I don't know how everyone else was when they were 13, but when I was 13 I was watching cartoons and letting people think I was good at computers because I understood most of the settings on the computer. I didn't touch code until very late high school. If I did when I was 13 I think it would have been unmaintainable garbage.

I also frequently used the term "pwn" in my shitty online videogames.

Well actually, as a testament to my nerdiness, I thought it meant "pawn" first. As in, someone's so awesome t

I wrote a (shitty) text adventure on the C64 when I was 8 or 9. By I was 13 I was probably hacking away in MOO code and Turbo Pascal. But yeah, I agree, the original post about trusting a 13-year-old's code is a bit ridiculous.

I think the problem here is the definition of "good". While it might be inventive or very efficient, it will probably not be very readable or maintainable. Thirteen year old programmers aren't thinking about commenting, portability, planning for future changes, etc. Experience counts for an awful lot because you know how to avoid the pitfalls that will surprise the novice programmer. Version 1.0 will look great. But creating 2.0 could be a nightmare, and only the original coder will have a chance of pu

Now, you might disagree with me, but I think this officially means that the NSA and other government agencies (I'm looking at you Alaska) need to work extra hard to ensure their networks are locked down good.

Point and click becomes point and own? Maybe not that easy, but All your AP are belong to us is going to happen soon enough. One thing that Linux and F/OSS definitely does do; puts real software and OS in the hands of those that the NSA would rather not need to worry about.

Actually, the IT infrastructure in the State of Alaska is reasonably good. What you are asking for is that Alaska politicians understand the difference between.ak.gov and yahoo.com. Not only that, you're asking for Alaska politicians to not circumvent that difference whenever they feel it's convenient.

Fat Chance. Remember, this is the state that created the Tubes [wikipedia.org]. And that thinks boiled Moose noses [nytimes.com] are delicacies.

Contrary to popular belief, they don't need to provide the source code to the public if they wish to abide to the GPL, they only need to provide it to those they have provided with the software (or the phone, in this case).

This will be the single biggest justification that Apple and other locked down mobile device vendors will use against projects like OpenMoko. I mean, do they really have to distribute metasploit with it?

I understand the thrill of walking around with conveniant access to script kiddie^W^Wpenetration testing tools wherever you go and are, really, I do. Business treats you bad? Take over^W^Wpwn their network. Girlfriend breaks up with you? Upload a picture of your penis as her background. Okay, so let me b

You forget, emacs once (jokingly) stood for "Eight Megs and Constantly Swapping." You know how much memory emacs uses today? Eight megs. Now find an app that does everything that emacs can in less than tens times that much memory.

in between a ton of 503 http replies (slashdotting in progress) i have managed to browse all those pages (F5 FTW!) and i have NOT seen a link to download the software itself or even the source code and not even a promise of future availability.

Since the Linux kernel is licensed under the GPL and they seem to provide a binary-only kernel for their customers (no source code that i saw) it seems we have here yet another clear cut GPL violation case.

Since the Linux kernel is licensed under the GPL and they seem to provide a binary-only kernel for their customers (no source code that i saw) it seems we have here yet another clear cut GPL violation case.

Since they haven't distributed anything yet, that is libel. Not to mention they don't have to distribute source to everybody, just with the devices. And you don't know what's on the backup DVD.

Let's check I'm not misunderstanding you. They supply the software on DVD and SD card to people who purchse it. There's no need for downloads, you say.

What of the 'any third party' requirements of the GPL: that source code improvements on any GPL-licensed work must be conveyed to any third party who requests it? So they might send out DVD's, but I'd assume that it's cheaper to pay bandwidth on an online repository than to make up DVD images every time their repositories update.

That "any third party" requirement only kicks in if they DON'T supply the source code with the software. If they do supply it to anyone who gets the software, they're well within their rights to tell the original complainer to buy it or shut up.

I've just checked and you're right. Is that not a loophole in the spirit of the GPL: sell GPL'd software as the only place to get your particular improvements?

(But once it's escaped your clutches it's Free Software -- whether by US-style first-sale or EU-style exhaustion of rights -- and you can't stop someone to whom it has been conveyed from making it available for download. That's what CEntOS do for RHEL.)

I don't think it's really a loophole. I think it's more intended to be easy on people for whom the requirement to offer it to *anyone* for three years would be too much of a pain in the ass. After all, they would have to keep the last three years' worth of versions handy. Not that this is an insurmountable requirement: lots of people do it. But for a company who's not specializing in distributing anything over the web, it's probably easier just to send the source code with the binary code.

Yes it does:
"We have gone great lengths in making the NeoPwn user friendly when it comes to performing many of the necessary tasks in automating system controls and penetration tests."
That means it does systems control and penetration testing. And of course it's a phone as well.

OMG! This ain't no Poniez. Is the full-on Backtrack CD (just google backtrack for the link). Most users know it on either Live-CD or USB-stick boot-up form. I don't know of any manufacturers until now, that offer it pre-installed, tweaked, and (semi?) supported.

You think its news when Dell pre-loads Ubuntu on a laptop? In certain circles, this is *much* bigger news. It makes auditing one's own network a much more routine task, because this is a handy little wifi tool!
Even *with* a live CD or USB stick,

Debian runs very well on my openmoko and its not that hard to use the commandline with rastermans keyboard. The screen has excellent resolution so reading the terminal works really well.

This device makes things dandy for people who want an easy way to test their network. Scriptkiddies will love them to but thats just fine. The script kids are the ones who forces better security trough. The alternative is to be hacked all day by corps and govts and never nowing about it.

"Note that the current firmware limitations of the internal wireless does not allow for monitor mode nor packet injection. An external USB WLAN is required for this type of operation."

I like how an external adapter can be an option, but as of now it's a requirement. This sort of ruins the image of this being "a powerful discreet network auditing tool for the penetration tester", atleast for me.(They do mention that it's the current firmware limiting this, but there's nothing about if and when they'll "fix" this)

neopwn - the name of the projectpentesting - penetration testing is running scans to find security holes in a networkbacktrack - backtrack is a linux distro that comes with all the tools to do sopwn - slang corruption of "own" - another way of saying taking over a machineopenmoko - is a version of linux for running on mobile phones such as...neo freerunner - is the name for the physical phonemetasploit - is a software tool for scanning/running exploitsaircrack - is a software tool for cracking wep keys and